Wednesday, April 25, 2012

How is CISPA Dangerous

What's CISPA?

It's the Cyber Intelligence Sharing and Protection Act of 2011, and is technically an amendment to the National Security Act of 1947. It allows companies (ISPs) to share your information with the government for "national security purposes."

Why is it dangerous?

Numerous sources say that the wording of the bill is "painfully vague," and could allow for misuse and abuse under the guise of "cyber" security. As with SOPA and PIPA, your right to a reasonable expectation of privacy is obliterated. This bill will override any current privacy laws in place. One may argue that anything we do on the Internet is not private. While I might agree for certain things, I should have a reasonable expectation of privacy when surfing the Net. Oh, and they don't even have to tell you when there's been a request for your personal data.

I'm all for protecting our infrastructure against "cyber" (I really hate that word) attacks, but our forefathers put checks and balances in place for a reason. If you require my personal data, either I give you permission to access it, or you have just cause for a warrant, signed by a judge, to obtain it. None of this:

GOV:"Plz can we have sum dataz?"
CORP: "Sure! Herez some really juicy stuff on Joe Schmoe"
GOV: "Sweet! OMG! Look at all this cyber informashunz! You rock, CORP!"
CORP: "NP!"
GOV: "Kthxbai!"

How does it differ from SOPA?

Well, here's a link that explains a little about how it's different. Basically it boils down to CISPA being aimed at protecting against "cyber" attacks, while SOPA was aimed at protecting intellectual property. Second, it protects companies that share your data against lawsuits that one might bring against them for not protecting your private information. Lastly, the main difference is that it has the support of some of the corporations that were against SOPA, e.g. Google and Facebook.

Why are they for this bill?

Simple. It protects them from losing millions of dollars in a possible lawsuit brought against them for sharing your private information. It also takes the job of policing the Internet out of their hands as they would have had to do with SOPA -- again, saving them millions of dollars.

Want proof that our country is run by "we, the corporations" and not "we, the people?"

With the support of major corporations, and a massive protest by the people, SOPA was defeated. Without the support of major corporations, but with massive protests by the people, this bill will probably pass. Luckily, the Obama Administration is opposed to the bill in its current form, and has threatened to veto it.  Unfortunately, this bill has bipartisan support, and may be able to override a veto. It currently has 112 cosponsors, with more congress critters claiming support every day.

What the hell can I do to stop the bill from passing?

Go here to send a "TMI" Tweet to your representatives. Fun, but not really effective.

Go here to look up your congress critter and send them an email with your concerns; or call them.

Above all, if we continue to vote for the types of people who care more about corporations than they do about the people, then we deserve what we get. My email to my rep will clearly state that if he votes "yes" on this bill, he will not be getting my vote in the next election. I ask you to do the same.

Kthxbai!

Friday, April 6, 2012

How working in IT prepared me for being a dad

I've worked in IT for probably a decade. My wife and I have a 10 month old son. Looking back on the first 10 months of my son's life, and what in store for us in the future has shown me that there are a few parallels that can be drawn.

Troubleshooting:
That's what some IT folks do for a living. I've spent a few years as a sys admin, and that's what I did for a living. I like to think I was pretty good at fixing problems that sometimes seemed illogical. With computers, it's always a logical problem. It's either a "one" or a "zero." But looking at a problem, sometimes it's difficult to see the one or zero. My Bachelor's degree has nothing to do with systems administration. My degree is in Graphic Design and Computer Art -- which believe it or not has helped me see illogical solutions in logical problems. So, I like to think that I was pretty decent at troubleshooting. However, experience helps. The more you've seen, the better prepared you are to fix a problem, and you always do what you know first. Can't get to the Internet? Can't get email? Can't figure out why a server is being 'illogical?'

"Have you tried turning it off and back on again?"

Reboot. If all else fails, call in support.

How in the hell did this help prepare me for being a dad?

Baby won't stop crying. Is he hungry? Is he wet? Did he bump his head? Do what you know first. If that doesn't work, reboot the baby. It's amazing how sometimes the simplest solution is a nap. I wish I could take naps more often. I think I'd be more productive. And if that doesn't work, and you're lucky enough to have a great partner/wife/mother to your child like I do, call in support.

Knowledge:
Being a dad has also given me some insight into my life in IT. No one can fix every problem. No one knows everything. I've been fortunate enough in my profession to be a decent troubleshooter, but I do not kow everything -- far from it. I cannot fix every problem. Not every problem has an easy solution. Patience is key. There will be days when your kid wants to do nothing but be fussy, and there will be days when your servers will be 'illogical.' All you can do is what you can do. After that you're just winging it.

Security:
I've always been security-conscious as a sys admin, and my career path is moving in that direction (Master's degree expected very shortly). I think that's helped me as a father as well. Computer security is all about risk. What vulnerabilities and threats exist that create a risk to your operating environment? Essentially computer security is about risk awareness. While nothing is hack-proof (including your house and your kid), as long as you're aware of the threats to your environment, you're better off -- Remember the "unknown unknowns" comment from a past Defense Secretary?

Hack your kid? WTF!?! Sure (but don't take him apart). Hacking has gotten a bad rap lately, but hacking in its most simple form is about trying to find out how things work. Find out how he works. Find out what makes him laugh/cry/fuss/stare into oblivion. Will your kid hack you and the precautions you've put in place. Absolutely. There's nothing you can do about it. Just be aware of the threats and their associated risks.

My wife mentioned to me recently how every day she sees proof that she's a mom. She recently took our son to a party, and noticed how her priorities have shifted. When you walk into a room with a 10-month old and put him down, you evaluate the potential threats to your son, and what risks they pose. Floor-length curtains? Bad. Accessible wall outlets? Bad. Power cords? Bad. Raised floors / steps? Bad. Unsecured book shelves? Very bad. These all pose a risk to my son, but I'm secure in the knowledge that I'm aware of these risks. I've evaluated them, and I keep a close eye on him to ensure these threats do not interfere with his security.

Education:
I've also learned that whether it's about IT or about my kid, I'm going to be 'in school' for the rest of my life. If you work in IT, especially computer security, and you're not constantly learning, you will go extinct. The same goes for being a dad. You will be learning for the rest of your life, whether you like it or not. As one of my previous bosses put it, "It never gets easier. It just gets different."

Perspective:
Lastly, the most important thing my son has given me is a little perspective. I go to work. I do my job. I won't fix every problem, and that's okay. I'll go home and spend 10 minutes with my son, and completely forget about the dozens of problems I had at work, and how I wasn't able to fix them all. Someone will still not be getting email when I leave. That's okay. It's really not the end of the world.